Activity $1$: CAPTURING LIVE NETWORK TRAFFIC.

Introduction

Wireshark enables the live capturing of packet for the purpose of network analysis and troubleshooting. These packet traffic captures can be saved in several formats, merged, and printed. Single packets or packets with similar properties can also be marked specially for the purpose of identification or grouping.

$-$objective

To test the knowledge of Wireshark's live network traffic capturing capability and features.

Requirements

Textbook

Internet connectivity.

Download and install Wireshark.

Tasks

$($Read steps $1-4$ before you start. Capturing and browsing should be done ALMOST simultaneously$).$

Step $1$: Start a capture on Wireshark.

Step $2$: Perform four different Internet transactions from your computer, i$.$e$.,$ browse four different websites one at a time for several minutes $($the longer the better$).$

Step $3$: After browsing website $1$ for several minutes, stop the capture, then save the capture as a Wireshark file with name: "Your Initials$-$Capture$\_1",$ i$.$e$.,$ OB$-$Capture$\_1.$ Go to File on the menu, click on "Close" to close the capture. Upload the Wireshark Capture file with your submission. $(2$ points$)$

Step $4$: Perform the same task in Step $3$ for website $2,3,4$ separately. Note that you need to Start a new Wireshark Capture for each website. Upload the Wireshark Capture files for grading. $(6$ points$)$

At the end of Step $4,$ you should have $4$ captured files from $4$ different web transactions saved as specified. For example, capture from

nmsu.edu saved as OB$-$Capture$\_1,$ capture from

yahoo.com saved as OBCapture$\_2,$ capture from

apple.com saved as OB$-$Capture$\_3,$ and capture from

cnn$.$com saved as OBCapture$\_4.$ Do not forget to upload ALL four Wireshark capture files with your submission for grading. Step $5$: List the four websites that you browsed. $(2$ points$)$

Step $6$: List ALL protocols in each captured file and state the OSI layer for each protocol. Use the table format below. The table entries are hypothetical examples, use real names of the protocols for your table. $(6$ points$)$

$\backslash$table$[[$Capture $1($nmsu$.$edu$),$Capture $2($yahoo$.$com$),$Capture $3($apple$.$com$),$Capture $4($cnn$.$com$),],[$Protocol$,$OSI layer,Protocol,OSI layer,Protocol,OSI layer,Protocol,OSI layer$],[$A$,$Application,Z$,$Network,K$,$Physical,D$,$Session$]]$

Step $7$: Complete the table below for each captured file. An example is given below. $(6$ points$)$

$\backslash$table$[[$Capture File name,Total Number of Packets Captured,Most common protocol$],[$OB$-$Capture$\_1,12391$ packets,Quick UDP Internet Connections $($QUIC$)]]$

Step $8$: Use a display filter expression to filter the most common protocol in "Your Initials$-$Capture$\_1"$ file. Take a SNIP of the Wireshark window. Circle the information that shows the number of packets generated by this protocol. Provide a SNIP of the file showing the filtered protocol and # of packets generated. $(5$ points$)$ Step $9$: From the menu of "Your Initials$-$Capture$\_1"$ file, select File$=>$Export Specified Packets $($Consult page $54$ of the textbook$)$ to export the most common protocol into a separate file. Name this new Wireshark file "Your Initials$-$Export$\_1".$ Provide a SNIP of this new Wireshark file. $(2$ points$)$

Step $10.$ Select File $=>$ Export Packet Dissections to export the file "Your Initials$-$Capture$\_1"$ into a Plaintext file. Name this new file "Your Initials$-$Plaintext$\_1.$ Provide a SNIP of this Plaintext file. $(3$ points$)$ Step $11$: Merge the files "Your Initials$-$Capture$\_1$ and "Your Initials$-$Capture$\_2.($Hint: Consult page $55$ of textbook$).$ Name the merged file "Your Initials$-$Merge$12.$ Take a SNIP of the Wireshark window of the merged file. Circle the information that shows the total number of packets in this merged file. Provide a SNIP of the merged Wireshark file. $(3$ points$)$

Step $12$: Mark the $2$nd packet in the merged file in Step $11.$ Provide a SNIP showing marked packet. $(4$ points$)$ Step $13$: Print the packets $1-16$ in "Your Initials$-$Capture $3"$ file into a PDF file. Name the PDF file "Your Initials$-$PDF$\_3.$ Upload this PDF file for grading. $(5$ points$)$

Step $14$: Open "Your Initials$-$Capture $4"$ file, select Statistics $=>$ Capture File Properties, then expand the window that appears till all the information is shown. Provide a SNIP of this Wireshark window with the full Capture File Properties information. $(3$ points$).$